What can I do with Sieve?

Sieve is a powerful mail filtering system that, among other things, allows you to store mail in particular folders on the server. You can then view the folders using Webmail or another IMAP mail program. This allows you to sort your mail even if you use a mail reader like the iPhone that doesn’t directly support filtering.

Note that you can’t view server mail folders using a POP mail connection — you can only see them with Webmail and IMAP. You probably won’t want to use Sieve filters if you read email using POP (unless the only thing you’re trying to do is put some messages in your “Trash” folder on the server, meaning you don’t care if you never see them at all through your POP connection).

How does Sieve work?

Sieve filters are made up of simple rules, like “put all messages from Amazon.com into the email folder named ‘Amazon’”. The rules are written in the text-based Sieve “scripting language”.

You can write Sieve rules from scratch yourself, borrow rules from examples like the ones below, or use software that makes it easier. Some mail programs (or mail program “plugins”) can create Sieve rules for you.

However you create them, the rules get put in a text file that is placed on our servers. Some software can automatically put the file in the right place so you don’t need to worry about the files.

Note that Sieve filtering is different from client-side filtering rules that you might create in Webmail, Thunderbird, Outlook, or any other mail program. Those only affect mail that the client software sees. Sieve instead acts on messages at the mail server level when they arrive on our servers, before they’re seen by any mail software.

Sieve filtering for individual mailboxes

To use Sieve filtering for address@example.com, you’d place the Sieve script file at this location in the mailbox directory:

Sieve filtering for an entire domain name

In addition to filters for each mailbox, it’s possible to create filters that apply to all addresses at your domain name. This is done by placing script files named “domain-before.sieve” and/or “domain-after.sieve” in your domain’s home directory:

A “domain-before.sieve” script (if one exists) runs before any per-mailbox “mailbox.sieve” script, and a “domain-after.sieve” script (if one exists) runs after. So when a message arrives, three different Sieve script files will be searched for and used if present, in this order:

Each script is used only if a previous script didn’t discard the message or file it into a folder, so the order matters. If you want to create domain-wide rules that override “mailbox.sieve” scripts, you’d put them in the “domain-before.sieve” script. To create domain-wide rules that are used only if “mailbox.sieve” doesn’t do anything, you’d put them in “domain-after.sieve”.

Sieve example rules

Here are some example rules to show what can be done with Sieve filtering.

Messages from a certain sender address

File a message from “someone@example.org” into a folder named “Someone”:

The difference between header addresses and envelope addresses

The examples above using the “address” test only work if that address actually appears in the “From”, “To” or “CC” headers of a message. It’s possible for you to receive a message where your address doesn’t appear in any of those headers because it’s been BCCed to you (possibly through a mailing list that effectively BCCs all mail). The “envelope to” test can be used for that, because it tests the address the message actually arrived for:

In general, the “envelope to” test is the most reliable if you’re checking which address a message was sent to.

Similarly, each message has what’s called an “envelope sender” or “Return-Path” address that’s normally invisible unless you view the full headers of a message. This address is usually the same as the “From” header address, but it can sometimes be different, especially with spam or mailing lists. The “envelope from” test can be used to match that:
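An added example (not from the original page) that puts the header “address” test next to the two envelope tests described above. The addresses and folder names are placeholders, and it assumes the server offers the standard “envelope” and “fileinto” extensions:

```sieve
# Constructed example; all addresses and folder names are placeholders.
require ["envelope", "fileinto"];

# Header test: looks only at what the sender wrote in the visible "From" line.
if address :is "from" "someone@example.org" {
    fileinto "Someone";
}
# Envelope recipient: the address the message was actually delivered for,
# so it still matches when you were BCCed and "To"/"CC" name someone else.
elsif envelope :is "to" "sales@example.com" {
    fileinto "Sales";
}
# Envelope sender (Return-Path): mailing lists usually send from a bounce
# address at the list's own domain even though "From" shows the poster.
elsif envelope :domain :is "from" "lists.example.net" {
    fileinto "Lists";
}
# Visible "From" claims one domain but the Return-Path points elsewhere.
# Legitimate bulk senders do this too, so file for review, never discard.
elsif allof (address :domain :is "from" "mybank.example",
             not envelope :domain :is "from" "mybank.example") {
    fileinto "Check Sender";
}
```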

Detecting BCCs

One thing you might notice is that most of the spam you get appears to have been BCCed to you: your address doesn’t appear in the “To” or “CC” headers of a message. The same is true of most (but not all) mail from mailing lists.

You can also flag a message if it matches a certain SpamAssassin rule. For example, this catches any message that triggers SpamAssassin’s “talks about lots of money” rule, comes from Yahoo, and doesn’t contain “example.com” in the “To” or “CC” header (meaning it was BCCed to you):
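An added example of the combination just described, followed by a general BCC rule; it is not the original page’s code. It assumes SpamAssassin’s stock “X-Spam-Status” header and its “LOTS_OF_MONEY” rule name, so check the headers your own mail actually carries; the folder names are placeholders:

```sieve
# Constructed example; header name, rule name and folders are assumptions.
require ["fileinto"];

# All three conditions must hold: the SpamAssassin rule fired, the visible
# sender is at Yahoo, and no visible recipient header mentions our domain.
if allof (header :contains "X-Spam-Status" "LOTS_OF_MONEY",
          address :domain :is "from" "yahoo.com",
          not address :contains ["to", "cc"] "example.com") {
    fileinto "Possible Spam";
}
# General BCC rule: our domain is in neither "To" nor "CC". Mailing lists
# look the same, so messages carrying a List-Id header are left alone.
elsif allof (not address :contains ["to", "cc"] "example.com",
             not exists "list-id") {
    fileinto "BCC";
}
```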

Discarding all new mail

We occasionally hear from customers who need to keep all existing mail in a mailbox (perhaps for legal reasons), but want to discard all new mail, and don’t even want it to take up disk space in the Trash. You can do this with a sieve file containing this single line:

discard;

This is, of course, very dangerous. There’s no way to get discarded mail back if you do this.

Handling “bounces”

If a spammer forges your address and you get a lot of “bounces”, you can put them in a separate folder:
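An added example of one way to recognize bounces (not the original page’s rule). It relies on bounces being sent with an empty envelope sender, which Sieve matches as an empty string; the “Bounces” folder name is a placeholder:

```sieve
# Constructed example; the folder name is a placeholder.
require ["envelope", "fileinto"];

# A bounce has a null envelope sender (Return-Path "<>"). Some auto-replies
# do as well, so also require a delivery-status report or a daemon "From".
if allof (envelope :is "from" "",
          anyof (header :contains "content-type" "delivery-status",
                 address :localpart :is "from"
                         ["mailer-daemon", "postmaster"])) {
    fileinto "Bounces";
}
```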

It’s wise to always include the “:copy” to avoid deleting the original. If you really think you don’t want to keep a copy of forwarded messages, you might want to put them in the Trash instead of discarding them, so you can retrieve them if something goes wrong:

This first checks that the message subject does not contain any printable characters, then checks that the message body contains only “http://” followed by one or more printable characters, possibly surrounded by spaces (but nothing else) on both sides.

Blocking certain filenames

You can use the “body” check with the extra keyword “:raw” to examine the “raw content” of a message, which lets you do things like block messages containing certain filenames (attachments).

Note that unlike our general filetype blocking, this kind of thing only catches top-level filenames, and can’t “look inside” a .zip file, for example.
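An added example of a raw-body filename check (not the original page’s rule). The extension list and the specific filename are placeholders, and matches go to the Trash rather than being discarded:

```sieve
# Constructed example; extensions and filename are placeholders.
require ["body", "fileinto", "regex"];

# ":raw" searches the undecoded body, which includes each MIME part's
# headers. The pattern covers both name="..." and filename="..." with a
# quoted value ending in one of the listed extensions.
if body :raw :regex "name=\"[^\"]*\\.(exe|scr|pif)\"" {
    fileinto "Trash";
}
# One exact filename, matched as a plain substring.
elsif body :raw :contains "filename=\"invoice_details.js\"" {
    fileinto "Trash";
}
# Not covered: unquoted or RFC 2231-encoded filenames (filename*=...), and
# files packed inside archives. Plain text that happens to quote such a
# string will also match, which is another reason to file, not discard.
```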

Learning more about Sieve

Other samples, and much more information, can be found on the Sieve home page.

The Sieve “reject” action

Some versions of Sieve offer a “reject” action, which creates a new outgoing “bounce” message to the person who sent the original email.

We intentionally do not support “reject”. This is because it’s very difficult to tell who the true sender of a message is — in particular, if a message is spam, the spammer almost certainly forged the sending address.

If you used a “reject” action, you’d end up sending copies of spam to innocent strangers (this is called backscatter). Those strangers will complain to their ISP, who will block all mail from your domain name. You’ll then be unable to send any email to people who use AOL, or Comcast, or another large site. This is not what you want.

Instead of using “reject”, file the message into a folder (or use “discard” if you’re feeling brave, although we’d never do that ourselves).

Why doesn’t the Mozilla Thunderbird Sieve add-on connect properly?

As of this writing, the featured 0.2.2 version of the Sieve add-on for Thunderbird does not work properly with Thunderbird 24 and later: it will simply fail to connect due to a Thunderbird incompatibility.

The development version 0.2.3 fixes this, and is available from the Sieve add-on “nightly builds” page. You can install the latest version by following the instructions there and it should work.

The correct settings for the add-on in the “Server” and “Security” screens are:

Server Name: IMAP Server: mail.tigertech.net

Server Port: 4190 (Default)

Connection Security: Force TLS

Authentication: IMAP Username and Password

The other settings should usually be left alone, at their defaults.

If you have trouble connecting to the server, make sure that the “Proxy” setting is Direct Connection; we’ve seen a couple of cases where it somehow gets set to use a proxy instead.

Some technical notes

Sieve rules can be complicated, and there’s a lot to remember. Here are some notes about Sieve features that we often have to look up ourselves:

You can specify a mail subfolder by listing all of the folders on the “path” to the subfolder, each separated by a dot. For example, if you have a folder named “Travel” which then has a subfolder named “Summer Vacation”, you can specify the subfolder using fileinto "Travel.Summer Vacation".

The different comparisons available are :is (an exact, full match — recommended for full addresses or domain names), :contains (matches a substring), :matches (a full match that allows DOS-style wildcards ? and *), and :regex (which matches regular expressions). If you don’t specify a comparison, :is will be used, so header :is "Subject" "Spam" does the same thing as header "Subject" "Spam".
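An added example (not from the original page) that uses each of the four comparisons once, together with the dotted subfolder path from the note above. The addresses, subjects and the folders other than “Travel.Summer Vacation” are placeholders:

```sieve
# Constructed example; addresses, subjects and most folders are placeholders.
require ["fileinto", "regex"];

# :is - the whole value must equal the key (also the default).
if address :is :domain "from" "example.org" {
    fileinto "Example";
}
# :contains - the key may appear anywhere in the value.
elsif header :contains "subject" "itinerary" {
    fileinto "Travel.Summer Vacation";
}
# :matches - whole-value match where ? is exactly one character and
# * is any run of characters, including none.
elsif header :matches "subject" "Invoice ????-?? *" {
    fileinto "Invoices";
}
# :regex - backslashes are doubled because Sieve strings treat "\" as an
# escape character before the regex engine sees the pattern.
elsif header :regex "subject" "^\\[ticket #[0-9]+\\]" {
    fileinto "Tickets";
}
```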

By default, the Sieve body check presents the message body as a single line string that contains no carriage returns or line feeds, allowing you to easily match regex rules against the entire message as in the “body :regex” example above.

If you want to test a Sieve filtering file and see exactly what it will do for a given message, you can use a program named “sieve-test” from the command line shell (this is for advanced users). Type man sieve-test to see the documentation for it.